Several Microsoft Updates were released as part of the January 2022 Patch Tuesday collection which can cause significant issues on some servers and desktops. As of last Thursday, Microsoft had pulled the server updates due to the issues reported, however, this was temporary, and these updates are now available again via Windows Updates. If your company uses patch management and has already downloaded these updates, it is recommended to avoid deploying them until corrective patches are provided from Microsoft. Reference the full list of updates in Microsoft's monthly release notes here.
Beringer is your full-service managed IT support team. For a free consultation, contact our team today.
Affected Operating Systems
Windows Server 2012, 2019 and 2022
Windows 10 and 11
- Windows Server 2012 R2 KB5009624 update
- Windows Server 2019 KB5009557 update
- Windows Server 2022 KB5009555 update
- Security updates to fix four different Hyper-V vulnerabilities yesterday (CVE-2022-21901, CVE-2022-21900, CVE-2022-21905, and CVE-2022-21847)
- Security updates to address remote execution code vulnerabilities in ReFS named: CVE-2022-21961, CVE-2022-21959, CVE-2022-21958, CVE-2022-21960, CVE-2022-21963, CVE-2022-21892, CVE-2022-21962, CVE-2022-21928
- Windows 10 KB5009543 cumulative update
- Windows 11 KB5009566 cumulative update
From an article posted to BleepingComputer.com on January 12th, we see reports of KB5009557 (Windows Server 2019) and KB5009555 (Windows Server 2022) are causing something to fail on domain controllers after updates are applied and the server is rebooted. Result? These servers get caught in repeating boot up loop and produce an error:
"The process wininit.exe has initiated the restart of computer [computer_name] on behalf of user for the following reason: No title for this reason could be found Reason Code: 0x50006 Shutdown Type: restart Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart."
Removing the above-mentioned updates resolves the problem.
Microsoft has also created a "known issue" report on KB5009557 - "domain controllers might restart unexpectedly" - status is "Investigating".
Hyper-V Cannot Start
Further reports show that primarily Windows 2012 servers running Hyper-V may encounter errors where the platform will not boot and displays an error:
"Virtual machine xxx could not be started because the hypervisor is not running."
Removing the Hyper-V vulnerabilities updates resolves the issue.
ReFS NOT ACCESSIBLE
In addition to the issues above, there are also reports that servers lose access to Windows Resilient File System (ReFS) or the volumes show up in an unformatted (RAW) state. The volumes were not damaged, just showing an incorrect status.
Again, removing the related vulnerability patches resolves the problems.
Broken L2TP VPN Connections
In a second article from BleepingComputer.com we see that the recent cumulative updates for Windows 10 and 11 are causing native-client VPN connection errors "Can't connect to VPN. The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer." Error code 789 will also be seen in event logs with an error showing a failed VPN connection.
As with the server patches noted above, uninstalling the cumulative updates resolves the errors.
Administrators can run the appropriate command below to remove the most recent cumulative update affected systems. (at an elevated command prompt)
Windows Server 2012 R2: wusa /uninstall /kb:KB5009624
Windows Server 2019: wusa /uninstall /kb:KB5009557
Windows Server 2022: wusa /uninstall /kb:KB5009555
Windows 10: wusa /uninstall /kb:5009543
Windows 11: wusa /uninstall /kb:5009566
Bear in mind that uninstalling the last cumulative update may also remove other recent patches. If your servers are not encountering these issues, it may be prudent to leave the updates in place, to maintain the highest level of protection.
Seeing issues after Windows updates have been installed? Beringer can help!
Beringer Technology Group, a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics 365 and CRM for Distribution also provides expert Managed IT Services, Backup and Disaster Recovery, Cloud Based Computing, Email Security Implementation and Training, Unified Communication Solutions, and Cybersecurity Risk Assessment.